Backdoor:Win32/Losfondup.B

By Domesticus in Backdoors

Backdoor:Win32/Losfondup.B is a backdoor Trojan that gives cybercriminals full remote access to and control over a compromised PC, makes changes to system settings and user accounts, and embeds itself into running processes. During installation, Backdoor:Win32/Losfondup.B makes system changes by downloading malicious files and modifying the Windows Registry. Backdoor:Win32/Losfondup.B creates a user account called 'Local Servlce', a deliberate misspelling of 'Local Service', possibly to dupe users of the attacked PC into thinking it is a genuine Windows user account. Backdoor:Win32/Losfondup.B may be installed and launched by other malware infections.

Backdoor:Win32/Losfondup.B registers itself as a genuine component of the Windows system service 'SENS' (System Event Notification Service) by altering the service's registry entry. Backdoor:Win32/Losfondup.B also modifies registry entries to make sure that its altered version of the 'SENS' service is started every time Windows starts. When the Windows system service SENS is launched, Backdoor:Win32/Losfondup.B runs instead of the original, legitimate one. To conceal its presence, Backdoor:Win32/Losfondup.B also performs the normal functions of the legitimate SENS service. To make sure that the altered version of the 'SENS' service, and therefore Backdoor:Win32/Losfondup.B itself, is running instead of the genuine one, Backdoor:Win32/Losfondup.B stops 'svchost.exe' and runs the commands that start the changed 'SENS' service.

File System Details

Backdoor:Win32/Losfondup.B may create the following file(s):
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1. | ylccvty.dll | | |
| 2. | [startup folder]\widoexe.js | | |
| 3. | noliwutejnm.dat | | |
| 4. | mnjetuwilon.dat | | |
| 5. | %ALLUSERSPROFILE%\Documents\[reverse malware file name].dat | | |
| 6. | 4251f8a819c7b2999724e177b72bdbff | 4251f8a819c7b2999724e177b72bdbff | 0 |
| 7. | ac0e2cd7093d8303cd6d3c1b703be70c | ac0e2cd7093d8303cd6d3c1b703be70c | 0 |

Registry Details

Backdoor:Win32/Losfondup.B may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS\Parameters "ServiceDll" = "%AllUserProfile%\Application Data\[RANDOM NAME].dat"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\COMSysApp "Start" = "0x02"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS "Start" = "0x02"
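
The two indicators described above, a redirected 'ServiceDll' value and a look-alike account name, can be checked offline against data collected from a host. The following is an added triage example, not part of the original entry. It generalizes the SENS case to every service in the collected output, and it assumes `reg query` style text as input, that a legitimate 'ServiceDll' lives under System32, and a constructed sample in which `example.dat` stands in for the random file name.

```python
import re

# Constructed sample in the style of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll
# "example.dat" stands in for the page's [RANDOM NAME].dat.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Parameters
    ServiceDll    REG_EXPAND_SZ    %AllUserProfile%\Application Data\example.dat

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\schedsvc.dll

End of search: 2 match(es) found.
"""

# Assumption: a ServiceDll outside System32 deserves review (triage heuristic).
TRUSTED = ("%systemroot%\\system32\\", "%windir%\\system32\\",
           "c:\\windows\\system32\\")
BUILTIN = ("Local Service", "Network Service", "Local System",
           "Administrator", "Guest")
CONFUSABLE = str.maketrans("l1|0", "iiio")  # look-alike glyphs folded together


def suspicious_service_dlls(reg_output):
    """Return (key, path) for every ServiceDll not under a trusted directory."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = re.match(r"\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(.+)", line, re.I)
        if m and key:
            path = m.group(1).strip()
            low = path.lower()
            if ".." in low or not low.startswith(TRUSTED):
                hits.append((key, path))
    return hits


def skeleton(name):
    """Lower-case the name and fold visually confusable characters."""
    return name.lower().translate(CONFUSABLE)


def lookalike_accounts(names):
    """Return (name, imitated) for names that mimic a built-in account."""
    known = {skeleton(b): b for b in BUILTIN}
    return [(n, known[skeleton(n)]) for n in names
            if skeleton(n) in known and n.lower() != known[skeleton(n)].lower()]
```

A hit from either function is a lead for manual review rather than a verdict, since third-party services can legitimately load a 'ServiceDll' from outside System32.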
